Published by Colleen Thomas. Modified over 7 years ago.

Wireless Security: Principles & Tools
Sebastian Büttrich, NSRC
edit: September 2010, GARNET
http://creativecommons.org/licenses/by-nc-sa/3.0/

Reminder: Aspects of IT Security
- Confidentiality
- Integrity
- Availability
- Authenticity
- Non-repudiation
- Risk management

“Wireless Security”
The term “wireless security” is most often used as a synonym for “keeping unwanted users out of your network” and “encrypting traffic”.
This addresses to some extent (!):
- Confidentiality
- Integrity
- Availability
However, none of these are fully secured by “wireless security”!

“Wireless Security”
The idea of “wireless security” seems to be changing:
- In the old days, it meant: “How do I keep the outsider out?”
- Maybe today it means: “How do I keep the insider from clogging up my network?”

“Wireless Security”
When discussing “wireless security”, don't assume that the wired side is so much more secure!
Most threats are NOT specifically wireless!
Biggest threats today, probably:
- Windows computers
- Virus/bots/trojans
- Uncontrolled file sharing
- Systems not prepared for high bandwidth connectivity and many dynamic users

“Wireless Security”
A healthy way of looking at security on the network level:
- The network is the streets and roads
- Many people and vehicles travel on these roads
- Streets and roads are open, or mostly open – we don't lock people into their houses
- If we need to transport money from A to B – we use a protected vehicle (= “end-to-end security”)

General Security / Authentication Methods for Wireless
Hidden / Closed networks
- May be found by passive sniffers anyway
- Misleading “Security by Obscurity”

General Security / Authentication Methods for Wireless
Key based encryption of wireless network (WEP/WPA)
- WEP is easily crackable – merely symbolic safety
- WPA takes longer, but is crackable
- If anything, use WPA2 – but even that is vulnerable
- WPA might force you to offer a lot of user support

General Security / Authentication Methods for Wireless
MAC (hardware address) based ACL
- MAC black/whitelisting on AP or gateways
- Might be useful for stable user groups, registered equipment
- Difficult to maintain, easy to spoof

General Security / Authentication Methods for Wireless
Summary of key based and ACL methods
- While none of those offers 100% security, appropriate combinations may give reasonable protection
- All of these are hard to maintain with fast changing, large user groups
- All of these pose communication challenges – how to hand out keys? How to keep MAC lists up-to-date?

Essential tools
- Reminder: think layers!
- Working with wireless security to some extent means working with compromising tools

Essential tools
- Physical layer: Spectrum analyzers: airview, wispy
- Packet sniffers: kismet – Netstumbler (windows)
- Network layer: etherape (no admin tool – just quick visual overview)
- General networking and management tools: wireshark, ntop, mrtg, rrdtool, nmap, mtr
- WEP/WPA/WPA2 cracking: aircrack etc
- Tool collections: backtrack

Spectrum Analyzers
- Real spectrum analyzers are very expensive, but USB analyzers are a reasonable compromise, e.g. AirView (2.4 GHz), WiSpy (2.4 – 5.8 GHz)
- Pure physical layer!
- They will show you non-WiFi stuff, like microwave ovens, jamming attempts, bluetooth phones, etc

Spectrum Analyzers: Airview

Spectrum Analyzers: WiSpy

analyzers / demo
Offer for LAB!

What is kismet?
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
Works in raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic.
It is passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and presence of nonbeaconing networks via data traffic.

kismet - strengths
- Server – Client architecture
- Drones: distributed kismet servers running on remote devices, reporting back to central server, allow for the building of distributed reporting and intrusion detection systems
- Kismet is powerful - especially when combined with other tools like wireshark, nmap

kismet - Installing I
The following guide assumes you are on Ubuntu 9.10 / GNU/Linux - but works for other systems accordingly.
Get kismet via apt-get (or synaptic):
$ apt-get install kismet
Edit /etc/kismet.conf - Definition of sources is a must. Sources are defined as:
source=sourcetype,interface,name[,initialchannel]
For the list of sourcetypes, see the README or online documentation.

kismet - Installing II
$ vi /etc/kismet.conf
source=sourcetype,interface,name[,initialchannel]
e.g.
source=ipw3945,wlan0,my_internal_card
Start kismet:
$ kismet
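
A pre-flight check for the source lines described on the two installation slides, as an added example that is not part of the original presentation or of kismet itself. It assumes `#` starts a comment in the configuration file; the function name, the sample text and the interface names other than `wlan0` are constructed for illustration.

```python
import re

# Format given on the slide: source=sourcetype,interface,name[,initialchannel]
PLACEHOLDERS = ("sourcetype", "interface", "name")

# Constructed sample input, not a real configuration.
SAMPLE = """\
# wireless capture sources
source=ipw3945,wlan0,my_internal_card
source=sourcetype,interface,name
source=ipw3945,wlan1
source=ipw3945,wlan2,second_card,six
#source=ipw3945,wlan3,disabled_card
source=ipw3945,wlan4,third_card,6
"""

def check_sources(conf_text):
    """Return (sources, problems) for the source= lines of a kismet.conf text."""
    sources, problems = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # assumption: '#' starts a comment
        m = re.match(r"\s*source\s*=(.*)$", line)
        if not m:
            continue
        fields = [f.strip() for f in m.group(1).split(",")]
        if len(fields) not in (3, 4):
            problems.append((lineno, "expected 3 or 4 comma-separated fields"))
        elif not all(fields[:3]):
            problems.append((lineno, "sourcetype, interface and name are required"))
        elif any(f == p for f, p in zip(fields, PLACEHOLDERS)):
            problems.append((lineno, "template placeholder left unedited"))
        elif len(fields) == 4 and not re.fullmatch(r"[1-9][0-9]*", fields[3]):
            problems.append((lineno, "initialchannel must be a positive integer"))
        else:
            channel = int(fields[3]) if len(fields) == 4 else None
            sources.append({"type": fields[0], "interface": fields[1],
                            "name": fields[2], "channel": channel})
    if not sources:
        problems.append((0, "no usable source line; a source definition is a must"))
    return sources, problems

if __name__ == "__main__":
    found, issues = check_sources(SAMPLE)
    for s in found:
        print("ok  ", s)
    for lineno, msg in issues:
        print("line %d: %s" % (lineno, msg))
```

The check does not validate the sourcetype value itself; the list of valid sourcetypes is in the README or online documentation, as the slide says.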

Start screen

What does kismet show?
- List of SSIDs
- Note: it also shows networks with hidden SSIDs / no beacons - just blank!
- If a client associates to those, you will also see the SSID.

What does kismet show?
T = Type
P  Probe request - no associated connection yet
A  Access point - standard wireless network
H  Ad-hoc - point to point wireless network
T  Turbocell - Turbocell aka Karlnet or Lucent Router
G  Group - Group of wireless networks
D  Data - Data only network with no control packets

What does kismet show?
W = Encryption
Colour = Network/Client Type:
Yellow  Unencrypted Network
Red     Factory default settings in use!
Green   Secure Networks (WEP, WPA etc.)
Blue    SSID cloaking on / Broadcast SSID disabled

kismet - options
(Some of the) Options:
c  Show clients in current network
h  Help
i  Detailed info about current network
s  Sort network list
r  Packet rate graph
a  Statistics
p  Dump packet type
Q  Quit

kismet - Network info

Client info

Kismet scan USIU

What is etherape?
Etherape is not really a security tool, but it gives a very useful quick first view of traffic in your network.
For example, in case you have a spam virus in your network, you will see this immediately.
It also gives you a good feel for what various applications, such as skype or torrent clients, are doing to your network.

etherape screenshot

Case: UEW Garnet, port 15715 :)

What is wireshark?
- Wireshark, formerly known as ethereal, is a powerful packet dumping and analyzing program
- Extremely nice filtering for fast identification of problems, e.g. specific protocols (e.g. ARP), IP numbers, or keywords

wireshark screenshot

wireshark for ARP trouble

wireshark / demo
Offer for LAB!

That was it... Thank you!
sebastian@less.dk
http://wire.less.dk
Sebastian Büttrich, wire.less.dk
edit: September 2010
http://creativecommons.org/licenses/by-nc-sa/3.0/